From 70cbe91776d1de10f2767c6a5ad5912fd705bdd3 Mon Sep 17 00:00:00 2001
From: leonklingele <git@leonklingele.de>
Date: Mon, 16 Mar 2020 06:46:08 +0900
Subject: Migrate to a good Content Security Policy (#1023)

So attacks such as XSS (see [0]) will no longer be of an issue.

[0]: https://github.com/omarroth/invidious/issues/1022
---
 assets/js/subscribe_widget.js | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'assets/js/subscribe_widget.js')

diff --git a/assets/js/subscribe_widget.js b/assets/js/subscribe_widget.js
index 6c21bffb..216c36fe 100644
--- a/assets/js/subscribe_widget.js
+++ b/assets/js/subscribe_widget.js
@@ -1,3 +1,5 @@
+var subscribe_data = JSON.parse(document.getElementById('subscribe_data').innerHTML);
+
 var subscribe_button = document.getElementById('subscribe');
 subscribe_button.parentNode['action'] = 'javascript:void(0)';
 
-- 
cgit v1.2.3